SELinux on GFS2 (with Pacemaker)

All general questions related to SELinux

Moderator: xeont

SELinux on GFS2 (with Pacemaker)

Postby crylium » Wed Jan 27, 2016 12:12 pm

I'm following the article below and building a 3-node Pacemaker cluster on CentOS 7 with iSCSI shared storage (GFS2).

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Global_File_System_2/index.html#s2-selinux-gfs2-gfs2

It all works OK, a GFS2 volume is mounted and accessible on all nodes.

The thing that I'm worried about it this bit from official redHat documnetation:

"Security Enhanced Linux (SELinux) is highly recommended for security reasons in most situations, but it is not supported for use with GFS2. SELinux stores information using extended attributes about every file system object. Reading, writing, and maintaining these extended attributes is possible but slows GFS2 down considerably. You must turn SELinux off on a GFS2 file system when you mount the file system, using one of the context options as described on the mount(8) man page. "

A GFS2 volume is mounted on /cluster/storage and the current security context can be seen below:

Code: Select all
[pcmk]# ls -ldZ /cluster/storage/
drwxr-xr-x. root root system_u:object_r:unlabeled_t:s0 /cluster/storage/


I did read the man page for 'mount' and checked the context= bit there, however, I'm not sure on what exactly context needs to be applied to GFS2.

Any ideas, suggestions?
crylium
 
Posts: 3
Joined: Wed Jan 27, 2016 12:00 pm

Re: SELinux on GFS2 (with Pacemaker)

Postby crylium » Fri Feb 26, 2016 3:32 pm

I worked it around by using a SELinux context which does not load xattr.
crylium
 
Posts: 3
Joined: Wed Jan 27, 2016 12:00 pm


Return to General Questions

Who is online

Users browsing this forum: No registered users and 1 guest
cron